CUSTOMER PRIVACY POLICY

INFORMATION PROCESSING PERSONAL DATA

(ART. 13 and 14 REG. EU 2016/679)

The application of this Privacy Policy is purely related to online activities on this website and is effective for visitors and users.

It is not applied to information collected on other websites. Data provided by visitors and site users are going to be processed with full respect of national (D. Lgs 30 June 2003 n. 196, Codice in materia di protezione dei dati personali) and EU (European regulation on data privacy policy n. 679/2016, GDPR) Regulation. Further modifications are going to be processed with all the effort so that users’ rights are not going to be damaged.

You can reach him (by using the info in the contact section or via email info@villa-elsa.com)

Data treatment operations are carried out by the Data Controller or by associates specifically authorized by the controller him/her self.

b) Purpose of the processing –

The purpose of the treatment is finalized to supply the required services. Moreover, is used to send promotional information on owner’ services/products through technological (SMS, email) and non-technological (paper) tools. The user can stop the communications (that is specify contract mode) in any moment.

c) Legal basis of the treatment – This site processes data according to consent. By using and consulting this website the user explicitly approves this privacy policy and agrees his/her data treatment according with the following modality. This also includes sharing data to others to provide the requested service.

This site uses log files which display, and store acquired information by automatic tools during the users’ visits. Collected information could be the following:

– internet protocol address (IP);

– type of browser and the connected device standards;

– internet service provider (ISP);

– date and time of visit;

– Referral traffic to get in and out of the website;

– number of clicks

The collected information can be used for safety reasons or to verify the correct site functioning.

Auto-registered data (ed antispam filters, firewall, virus detecting) can contain personal data such as IP address. IP address could be used to block site damaging attempts. This data are only used for the abovementioned reasons and never for the user’s identification.

e) Data Communication – When the user can add comments or other information and decides to do so, he/she explicitly accepts the Privacy Policy and specifically agrees third-party sharing. Email is included in this kind of information.

When the user requests particular services, website automatically detects and records some personal data, in which the email address is included. These data are voluntary and consciously supplied by the user. This makes the service delivery possible.

Owner’s Partners or employees and third-party, always in the field of interconnected activities. Staff has been duly trained about privacy, personal data security and privacy rights matters.

– Public authorities for laws purposes.

f) Storing Data – The data acquired are going to be kept as long as it takes to give the required services and, in any case, for a period no longer than 10 years.

When users want to publish information through the site services they have to consider their comments are voluntary and consciously given. This site, in fact, hasn’t any responsibility for any violation of the law. The user needs to be informed on the national and international law and have the permission of sharing certain contents according to these laws. In any case the data are going to be shared with people not authorized.

g) Transferring Data to NON-EU Countries – This site could share collected data with services located outside the European Union.

Especially with Google, Facebook through plugin social and Google Analytics. Transferring is authorized based on specific EU decisions and the privacy data Guarantor , in particular 1250/2016 which does not request further authorization . Above mentioned companies all agree to Privacy Shield Policy.

h) Conferment of Data – Conferment of personal data and its collecting, treating consent is elective.

User can deny consent, and can withdraw the consent previously authorised

– access, adjust, cancel, limit and oppose to the treatment of the given data

– obtain, without any impediment, the personal data from the data controller. The data shall be given in a common format which needs to be legible by any automatic device. If needed the data can be transferred to another data controller.

– revoke the privacy policy consent. Note that the data used with your consent until the moment of the annulment can be utilized by the data controller within the above-mentioned conditions.

– propose a claim to the Guarantor Authority for the protection of personal data

You can assert the above-mentioned rights with a notice addressed to the Data Controller.